Working reference implementation of TwoFish?


The wikipedia page on TwoFish points at this reference implementation in C (and code) which is fine, but it lacks a main and my first few passes at implementing one didn't correctly process any of the "known vector" test cases I attempted. I suspect I'm looking at a problem of not using the API correctly but I have no idea where to start looking for the error. Rather than beat my head on that one, I'd rather start with a codebase that:

  1. Runs out of the box
  2. Has tests
  3. Is self contained
  4. Is written for clarity

I also have a strong preference for C or C like C++ code.


Note: I'm more interested in code readability than anything else at this point. Small, simple code that can encrypt and decrypt a single block and a main function that hard codes a call or three would be ideal. Most anything beyond that (like any user interface) will just be noise for my use case.

Also, anything that has a licence more restrictive than Boost will be useful to me only as a source of known good values and states to compare with.

4

There are 4 answers

0
BCS On BEST ANSWER

I eventually found this Python implementation derived from the C implementation I listed above. The root cause of my issues turned out to be that the words of the key were in the wrong order.

5
sarnold On

The cryptcat package on Ubuntu and Debian provides nc(1)-like functionality with twofish built in.

The twofish support is provided in twofish2.cc and twofish2.h in the source package. farm9crypt.cc provides a layer between C-style read() and write() functionality and the twofish algorithm -- it's in a style that I'd call C-like C++.

0
Graham Asher On

I took an implementation by Niels Ferguson, one of the designers of Twofish, and wrapped it (very lightly, making very few changes) in C++, and it works well. I must strongly underline that I have done almost no work here, and don't claim to understand how Twofish works (and that's after reading up on it - but it's too hard for me to follow).

The constructor does comprehensive testing, and aborts if the tests fail, so once you have a fully constructed object you know it's going to work.

I've put the sources here: https://www.cartotype.com/assets/downloads/twofish/.

There are various configurable things in the files; one you might want to change is the abort function, Twofish_fatal, which in my version attempts to write to address 0 to force an exit, but that doesn't work on some platforms.

Like the code mentioned above, all this does is encode single 16-byte blocks (ECB = Electronic Code Book mode). But it's very easy to implement a better mode on top of it, like cipher block chaining, in which each block of plain text is XORed with the previous block of cipher text before encrypting (use a random 'initialisation vector' of 16 bytes for the first block, and transmit that along with the encrypted data).

Another implementation can be found in the source code to Bruce Schneier's open-source password database program, PasswordSafe: the relevant sources are here: http://passwordsafe.git.sourceforge.net/git/gitweb.cgi?p=passwordsafe/pwsafe.git;a=tree;f=pwsafe/pwsafe/src/core;hb=HEAD. I haven't tried it so I can't comment on how easy it is to integrate.

1
cosimo oliboni On

If you had taken just a minute to read the reference implementation provided by libObfuscate you would have found a cut'n'paste example of using TwoFish.

// Encrypt : outBuf [16] = Twofish ECB ( inBuf [16] )
TWOFISH_STATIC_DATA twofish; 
BYTE passw [32]; 
BYTE inBuf [16] , outBuf [16]; 

memset( &twofish , 0 , sizeof( TWOFISH_STATIC_DATA ) ); 
Twofish_set_key( &twofish.key , ( DWORD * ) passw , 256 );
Twofish_encrypt( &twofish.key , ( DWORD * ) inBuf , ( DWORD * ) outBuf );   

No serious REFERENCE IMPLEMENTATION would be anything else but a single-block ECB implementation.

If you wish to encrypt more data you need to choose the cipher-block chaining mode (CBC, etc.) and apply it on top of ECB.
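
The CBC layering described in Graham Asher's answer and again in the answer above, written out as an added example (not code from any poster or library mentioned on this page). `toy_encrypt` and `toy_decrypt` are hypothetical, insecure stand-ins for a real single-block Twofish call, and the key, IV and plaintext are constructed; a real IV must be random for every message.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define BLK 16  /* Twofish block size in bytes */
/* Single-block primitive: the role the ECB-only reference code plays. */
typedef void (*block_fn)(const uint8_t *key, const uint8_t *in, uint8_t *out);
/* STAND-IN cipher (hypothetical, NOT secure): keyed invertible byte transform. */
static void toy_encrypt(const uint8_t *k, const uint8_t *in, uint8_t *out) {
    for (int i = 0; i < BLK; i++) out[i] = (uint8_t)((in[i] ^ k[i]) + k[(i + 1) % BLK]);
}
static void toy_decrypt(const uint8_t *k, const uint8_t *in, uint8_t *out) {
    for (int i = 0; i < BLK; i++) out[i] = (uint8_t)((uint8_t)(in[i] - k[(i + 1) % BLK]) ^ k[i]);
}
/* CBC encrypt; len must be a multiple of BLK (padding not handled). 0 = ok. */
int cbc_encrypt(block_fn enc, const uint8_t *key, const uint8_t *iv,
                const uint8_t *pt, uint8_t *ct, size_t len) {
    uint8_t prev[BLK], x[BLK];
    if (len % BLK) return -1;
    memcpy(prev, iv, BLK);               /* first block chains from the IV */
    for (size_t off = 0; off < len; off += BLK) {
        for (int i = 0; i < BLK; i++) x[i] = pt[off + i] ^ prev[i];
        enc(key, x, ct + off);
        memcpy(prev, ct + off, BLK);     /* next block chains from this one */
    }
    return 0;
}
/* CBC decrypt; saves each ciphertext block first so in-place use works. */
int cbc_decrypt(block_fn dec, const uint8_t *key, const uint8_t *iv,
                const uint8_t *ct, uint8_t *pt, size_t len) {
    uint8_t prev[BLK], cur[BLK], x[BLK];
    if (len % BLK) return -1;
    memcpy(prev, iv, BLK);
    for (size_t off = 0; off < len; off += BLK) {
        memcpy(cur, ct + off, BLK);
        dec(key, cur, x);
        for (int i = 0; i < BLK; i++) pt[off + i] = x[i] ^ prev[i];
        memcpy(prev, cur, BLK);
    }
    return 0;
}
/* Constructed input: two identical blocks. Returns 1 when the round trip
   succeeds and the ciphertext blocks differ (under ECB they would match). */
int cbc_demo(void) {
    uint8_t key[BLK], iv[BLK], pt[2 * BLK], ct[2 * BLK], back[2 * BLK];
    for (int i = 0; i < BLK; i++) { key[i] = (uint8_t)(3 * i + 7); iv[i] = (uint8_t)(0xA0 + i); }
    memset(pt, 'A', sizeof pt);
    if (cbc_encrypt(toy_encrypt, key, iv, pt, ct, sizeof pt)) return 0;
    if (cbc_decrypt(toy_decrypt, key, iv, ct, back, sizeof ct)) return 0;
    return memcmp(pt, back, sizeof pt) == 0 && memcmp(ct, ct + BLK, BLK) != 0;
}
int main(void) { return cbc_demo() ? 0 : 1; }
```

To use it with a real cipher, wrap that library's single-block encrypt and decrypt calls in functions matching `block_fn`.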